[ http://issues.apache.org/jira/browse/GERONIMO-1206?page=comments#action_12358115 ]
Vamsavardhana Reddy commented on GERONIMO-1206: ----------------------------------------------- What happens when an SQL like the following is used? (SELECT user, password FROM users WHERE username=?) UNION (SELECT usrnam, pwd FROM moreusers WHERE usrnam=?) > SQLSecurityRealm doesn't work with PostgreSQL > --------------------------------------------- > > Key: GERONIMO-1206 > URL: http://issues.apache.org/jira/browse/GERONIMO-1206 > Project: Geronimo > Type: Bug > Components: security, databases > Versions: 1.0-M5 > Reporter: Aaron Mulder > Assignee: Aaron Mulder > Fix For: 1.0 > > The SQLSecurity realm tries to be clever and dynamically discover the number > of prepared statement parameters (?'s) in the queries. PostgreSQL doesn't > support the getParameterMetaData call this relies upon. Since this was just > a convenience anyway, I'm going to remove the dynamicness and require that > the user and group SQL statements have exactly 1 ? which stands for the > username. As in: > SELECT user, password FROM users WHERE username=? > SELECT user, role FROM user_roles WHERE username=? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
